These release notes are for the Cisco MGX-RPM-1FE-CP for Cisco IOS Release 12.2(15)MC2l. These release notes are updated as needed to describe new features, memory requirements, hardware support, software platform deferrals, and changes to the microcode and related documents.

For a list of the software caveats that apply to Cisco IOS Release 12.2(15)MC2l, see the "Caveats in Cisco IOS Release 12.2(15)MC2l" section. To review the release notes for Cisco IOS Release 12.2, go to www.cisco.com. Click the Support tab and select Select a Product from the drop-down menu. Under Select a category, click Routers. Under Select a product, click Cisco MWR 1900 Mobile Wireless Routers. Under General Information, click Release Notes. Under Cisco MWR 1941-DC Mobile Wireless Edge Router, select the particular release notes you want to review.

The MGX-RPM-1FE-CP back card is designed to be used with an MGX 8850 that is equipped with one or more RPM-PRs and that terminates some number of T1 lines. Each MGX-RPM-1FE-CP back card has a termination capacity of up to 16 T1s (maximum four per MLP bundle). The maximum throughput limit of RPM-PR with 1FE-CP is 120,000 packets bi-directional. In a 16 MLP interface case, the T1s are expected to be lightly loaded. The MGX-RPM-1FE-CP is only supported with the MLP encapsulation.

The MGX-RPM-1FE-CP back card contains one Fast Ethernet (100Base-Tx) interface. The interface has an RJ45 connector that is used to connect the card to a Category 5 unshielded twisted pair (UTP) cable. Both half- and full-duplex operation are supported.

MGX-RPM-1FE-CP Back Card in an IP-RAN of a Mobile Wireless Network

The MGX-RPM-1FE-CP back card offloads the compression/decompression of RTP/UDP headers and the multiplexing/demultiplexing of PPP frames.

The supported use of the MGX-RPM-1FE-CP back card is within an IP-RAN of a mobile wireless network. In mobile wireless networks, radio coverage over a geographical space is provided by a network of radios and supporting electronics (Base Transceiver Station or BTS) distributed over a wide area. Each radio and supporting electronics represents a "cell." In traditional networks, the radio signals or radio data frames collected in each cell are forwarded over a T1 (or similar low-speed, leased) line to a centralized Base Station Controller (BSC) where they are processed.

The implementation of the MGX-RPM-1FE-CP back card in the IP-RAN solution requires the following components:

•Cisco MGX 8850

•RPM-PR

•MGX-RPM-1FE-CP back card

•FRSM card

•BTS router (Cisco MWR 1941-DC Mobile Wireless Edge Router)

The solution uses OSPF as the routing protocol and requires MLP for transmission of the packets between the aggregation node (MGX8850) and the BTS. It requires you to configure the following:

Dual MGX-RPM-1FE-CP Back Card Support

With Cisco IOS Release 12.2(15)MC1 and later, support for a second MGX-RPM-1FE-CP back card is available. However, the second card functions as an FE interface only and does not perform any compression functions.

Usage Notes

Please note that when using two MGX-RPM-1FE-CP back cards in an RPM, the interaction between the two cards is as follows:

•When two MGX-RPM-1FE-CP back cards are installed in the RPM and the RPM boots or reboots, the card in the top slot always performs the compression function.

•When an MGX-RPM-1FE-CP back card is inserted via OIR, the slot with the first MGX-RPM-1FE-CP back card always performs the compression function.

•If two MGX-RPM-1FE-CP back cards are installed in an RPM and a card performing the compression function is removed via OIR, no compression functions will be active until one of the following events occurs:

–a second MGX-RPM-1FE-CP back card is inserted

–the remaining MGX-RPM-1FE-CP back card is removed and re-inserted

–the RPM is rebooted

•Never remove an MGX-RPM-1FE-CP via OIR without shutting down all active interfaces on it. For an MGX-RPM-1FE-CP acting as an FE interface only, shut down just the FE port. For the back card performing the compression function, shut down the multilink bundles before removing.

Note This feature requires that the rpm-boot-mz image be upgraded so that the bootloader recognizes the second MGX-RPM-1FE-CP.

Additionally, the output of the show diag command has been updated to reflect the support for a second MGX-RPM-1FE-CP.

rpm10#sho diag

Slot 1:

One Port Fast Ethernet With Co-processor Assist Port adapter, 1 port

Port adapter is analyzed

Port adapter insertion time 01:13:53 ago

Co-processor enabled

EEPROM contents at hardware discovery:

Top Assy. Part Number :800-16088-04

Part Number :73-6262-04

Board Revision :02

PCB Serial Number :PAD04001DHT

CLEI Code :B@3@24Y@A@

Manufacturing Engineer :00 00 00 00

RMA History :00

RMA Test History :00

RMA Test History :02

EEPROM format version 4

EEPROM contents (hex):

Slot 2:

ATM CELL BUS Port adapter, 1 port

Port adapter is analyzed

Port adapter insertion time 01:14:31 ago

EEPROM contents at hardware discovery:

Top Assy. Part Number :800-00000-00

Part Number :73-0000-00

Board Revision :0

PCB Serial Number :0

EEPROM format version 4

EEPROM contents (hex):

Slot 3:

One Port Fast Ethernet With Co-processor Assist Port adapter, 1 port

Port adapter is analyzed

Port adapter insertion time 01:14:07 ago

Co-processor disabled

EEPROM contents at hardware discovery:

Top Assy. Part Number :800-16090-04

Part Number :73-6518-04

Board Revision :02

PCB Serial Number :SAG06021EJ3

CLEI Code :BA3A25YCAA

Manufacturing Engineer :00 00 00 00

RMA History :00

RMA Test History :00

RMA Test History :02

EEPROM format version 4

EEPROM contents (hex):

Ignoring the IP ID in RTP/UDP Header Compression

With Cisco IOS Release 12.2(8)MC2c, IP ID checking was suppressed in RTP/UDP header compression. With Cisco IOS Release 12.2(15)MC1 and later, a new option was added to the ip rtp header-compression interface configuration command that allows you to enable or suppress this checking. The default is to suppress.

To suppress IP ID checking, issue the following command while in interface configuration mode:

Command: Router(config-if)# ip rtp header-compression ignore-id

Purpose: Suppresses the IP ID checking in RTP/UDP header compression.

To restore IP ID checking, use the no form of this command.

This new feature is identified by CSCdz75957.

Configuring ACFC and PFC Handling During PPP Negotiation

With Cisco IOS Release 12.2(15)MC1 and later, ACFC and PFC negotiation can be configured.

Note By default, ACFC/PFC is not enabled and these commands must be configured on serial interfaces.

Configuring ACFC Handling During PPP Negotiation

Use the following commands beginning in global configuration mode to configure ACFC handling during PPP negotiation:

Step 1. Router(config)# interface type slot/port

Configures an interface type and enters interface configuration mode.

Step 2. Router(config-if)# shutdown

Shuts down the interface.

Step 3. Router(config-if)# ppp acfc remote {apply | reject | ignore}

Configures how the router handles the ACFC option in configuration requests received from a remote peer.

•apply—ACFC options are accepted and ACFC may be performed on frames sent to the remote peer.

•reject—ACFC options are explicitly ignored.

•ignore—ACFC options are accepted, but ACFC is not performed on frames sent to the remote peer.

Step 4. Router(config-if)# ppp acfc local {request | forbid}

Configures how the router handles ACFC in its outbound configuration requests.

•request—The ACFC option is included in outbound configuration requests.

•forbid—The ACFC option is not sent in outbound configuration requests, and requests from a remote peer to add the ACFC option are not accepted.

Step 5. Router(config-if)# no shutdown

Re-enables the interface.

Configuring PFC Handling During PPP Negotiation

Use the following commands beginning in global configuration mode to configure PFC handling during PPP negotiation:

Step 1. Router(config)# interface type slot/port

Configures an interface type and enters interface configuration mode.

Step 2. Router(config-if)# shutdown

Shuts down the interface.

Step 3. Router(config-if)# ppp pfc remote {apply | reject | ignore}

Configures how the router handles the PFC option in configuration requests received from a remote peer.

•apply—PFC options are accepted and PFC may be performed on frames sent to the remote peer.

•reject—PFC options are explicitly ignored.

•ignore—PFC options are accepted, but PFC is not performed on frames sent to the remote peer.

Step 4. Router(config-if)# ppp pfc local {request | forbid}

Configures how the router handles PFC in its outbound configuration requests.

•request—The PFC option is included in outbound configuration requests.

•forbid—The PFC option is not sent in outbound configuration requests, and requests from a remote peer to add the PFC option are not accepted.

Step 5. Router(config-if)# no shutdown

Re-enables the interface.

To restore the default, use the no forms of these commands.
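What the ACFC and PFC options configured above change on the wire, as an added example that is not part of the release notes or Cisco code. It goes beyond the configuration steps and follows the PPP framing rules of RFC 1661; the function names are illustrative.

```python
"""PPP header with and without ACFC/PFC (RFC 1661 framing); illustrative only."""

PPP_ADDR_CTRL = b"\xff\x03"          # Address 0xFF, Control 0x03
PROTO_IP, PROTO_LCP = 0x0021, 0xC021


def tx_compression(peer_requested, remote_mode):
    """Whether this router compresses frames it sends to the peer.

    Per the steps above, only `apply` both accepts the peer's option and
    performs the compression; `ignore` accepts it without compressing.
    """
    return bool(peer_requested) and remote_mode == "apply"


def encode(protocol, payload, acfc=False, pfc=False):
    """Build the frame a sender emits for the negotiated options."""
    if protocol == PROTO_LCP:
        acfc = pfc = False           # LCP packets are never sent compressed
    header = b"" if acfc else PPP_ADDR_CTRL
    if pfc and protocol <= 0xFF:
        header += bytes([protocol])  # PFC: one-octet Protocol field
    else:
        header += protocol.to_bytes(2, "big")
    return header + payload


def decode(frame):
    """Parse a frame whether or not the sender compressed it.

    Returns (protocol, payload). A receiver that accepted the options has to
    handle both forms, which is why `ignore` is safe on the receive side.
    """
    if frame[:2] == PPP_ADDR_CTRL:
        frame = frame[2:]
    if not frame:
        raise ValueError("truncated PPP frame")
    if frame[0] & 1:                 # odd first octet: compressed Protocol field
        return frame[0], frame[1:]
    if len(frame) < 2:
        raise ValueError("truncated PPP protocol field")
    return int.from_bytes(frame[:2], "big"), frame[2:]


if __name__ == "__main__":
    payload = b"\x45\x00"            # constructed: first two octets of an IPv4 header
    for mode in ("apply", "ignore", "reject"):
        on = tx_compression(True, mode)
        print(mode, encode(PROTO_IP, payload, acfc=on, pfc=on).hex())
```

With both options applied, each non-LCP frame is three octets shorter.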

Note For complete details of the ACFC and PFC Handling During PPP Negotiation feature, see the ACFC and PFC Handling During PPP Negotiation feature module:

Configuring the cUDP Flow Expiration Timeout Duration

To minimize traffic flow corruption, cUDP flows now expire after an expiration timeout duration during which no packets are passed. When this duration of inactivity occurs on a flow at the compressor, the compressor sends a full header upon receiving a packet for that flow, or, if no new packet is received for that flow, makes the CID for the flow available for new use. When a packet is received at the decompressor after the duration of inactivity, the packet is dropped and a context state message is sent to the compressor requesting a flow refresh.

The default expiration timeout is 5 seconds. The recommended value is 8 seconds.

Caution Failure of performance/latency scripts could occur if the expiration timeout duration is not changed to the recommended 8 seconds.

To configure the cUDP flow expiration timeout duration, issue the following command while in multilink interface configuration mode:

Command: Router(config-if)# ppp iphc max-time seconds

Purpose: Specifies the duration of inactivity, in seconds, that when exceeded causes the cUDP flow to expire. The recommended value is 8.

To restore the default, use the no form of this command.

This new feature is identified by CSCeb44623.
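The expiration behavior described above, as a simplified model added here; it is not Cisco's implementation. The class and function names are illustrative, and the model assumes that a full header always re-establishes context at the decompressor and that a context state message makes the compressor send a full header next.

```python
"""Simplified model of cUDP flow expiration; not Cisco's implementation."""
from dataclasses import dataclass, field

DEFAULT_MAX_TIME = 5      # seconds, the default stated in the release notes
RECOMMENDED_MAX_TIME = 8  # seconds, the value the release notes recommend


@dataclass
class Compressor:
    max_time: float = RECOMMENDED_MAX_TIME
    last_sent: dict = field(default_factory=dict)  # CID -> time of last packet

    def send(self, cid, now):
        """Pick the header type for a packet on flow `cid` at time `now`."""
        last = self.last_sent.get(cid)
        self.last_sent[cid] = now
        if last is None or now - last > self.max_time:
            return "FULL_HEADER"   # new, refreshed or expired flow
        return "COMPRESSED"

    def refresh(self, cid):
        """Context state message received: next packet on `cid` goes out full."""
        self.last_sent.pop(cid, None)

    def reclaim(self, now):
        """Release the CIDs of flows idle longer than max_time; return them."""
        idle = sorted(c for c, t in self.last_sent.items() if now - t > self.max_time)
        for cid in idle:
            del self.last_sent[cid]
        return idle


@dataclass
class Decompressor:
    max_time: float = RECOMMENDED_MAX_TIME
    last_seen: dict = field(default_factory=dict)  # CID -> time of last packet

    def receive(self, cid, header, now):
        """Return DELIVERED, or DROPPED+CONTEXT_STATE for an expired flow."""
        last = self.last_seen.get(cid)
        if header == "FULL_HEADER":  # assumption: full header re-establishes context
            self.last_seen[cid] = now
            return "DELIVERED"
        if last is None or now - last > self.max_time:
            self.last_seen.pop(cid, None)
            return "DROPPED+CONTEXT_STATE"
        self.last_seen[cid] = now
        return "DELIVERED"


def replay(times, comp_max=RECOMMENDED_MAX_TIME, decomp_max=RECOMMENDED_MAX_TIME, cid=1):
    """Send one packet on `cid` at each time; return (time, header, result) rows."""
    comp, decomp = Compressor(comp_max), Decompressor(decomp_max)
    log = []
    for now in times:
        header = comp.send(cid, now)
        result = decomp.receive(cid, header, now)
        if result != "DELIVERED":
            comp.refresh(cid)        # context state message reaches the compressor
        log.append((now, header, result))
    return log


if __name__ == "__main__":
    # Constructed trace: 6 s of silence, one end left at the 5 s default.
    for row in replay([0, 1, 7, 8], comp_max=RECOMMENDED_MAX_TIME,
                      decomp_max=DEFAULT_MAX_TIME):
        print(row)
```

In this model, a link whose two ends use different timeouts drops the first packet after any idle gap that falls between the two values.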

Limitations, Restrictions, and Important Notes

When working with an MGX-RPM-1FE-CP back card, please take note of the following limitations, restrictions, and important notes:

•Fast Ethernet and multilink interfaces should be shut down before online insertion and removal (OIR) of the MGX-RPM-1FE-CP.

•The MGX-RPM-1FE-CP is only supported on the Cisco MGX 8850 RPM-PR.

•For PPP Multiplexing, MLP must be configured on the MGX-RPM-1FE-CP back card.

•For error messages to be stored, console logging must be configured.

•The IP MTU should be set to 512 bytes or less on multilink interfaces.

•The MGX-RPM-1FE-CP back card supports up to 16 multilink interfaces.

•MLP with LFI is not supported by the Cisco MWR 1941-DC router. Therefore, MLP with LFI must be disabled on peer devices connecting to the Cisco MWR 1941-DC router T1 MLP connections.

•To fully disable PPP Multiplexing, issue the no ppp mux command on the T1 interfaces of the routers at both ends of the T1 link. If PPP Multiplexing remains configured on one side of the link, that side will offer to receive PPP multiplexed packets.

•If upgrading to Cisco IOS Release 12.2(8)MC2c or later for the ACFC and PFC support on PPP interfaces, ensure that you upgrade the MGX-RPM-1FE-CP back card image first. After doing so, immediately upgrade all MWR 1941-DC routers connected to the MGX-RPM-1FE-CP back card.

Caveats in Cisco IOS Release 12.2(15)MC2l

The following sections list and describe the open and resolved caveats for the Cisco MGX-RPM-1FE-CP with Cisco IOS Release 12.2(15)MC2l. Only severity 1 through 3 caveats are included.

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.

Caveats in Cisco IOS Releases 12.2 and 12.2 T are also in Cisco IOS Release 12.2(15)MC2a. For information on caveats in Cisco IOS Release 12.2, see Caveats for Cisco IOS Release 12.2. For information on caveats in Cisco IOS Release 12.2 T, see Caveats for Cisco IOS Release 12.2 T. These two documents list severity 1 and 2 caveats and are located on CCO and the Documentation DVD.

Note If you have an account with Cisco.com, you can use the Bug Toolkit to find caveats of any severity for any release. To reach the Bug Toolkit, log in to Cisco.com and click Support > Tools & Resources > Bug Toolkit. Another option is to go directly to http://www.cisco.com/public/support/tac/tools.shtml.

Open Caveats

There are no known open caveats in Cisco IOS Release 12.2(15)MC2l.

Resolved Caveats

This section lists the caveats that are resolved in Cisco IOS Release 12.2(15)MC2l.

•CSCee08584

Description: Cisco Internetwork Operating System (IOS®) Software release trains 12.1YD, 12.2T, 12.3, and 12.3T when configured for the Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME), or Survivable Remote Site Telephony (SRST) may contain a vulnerability in processing certain malformed control protocol messages. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS). This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml.

Workaround: Cisco has made free software upgrades available to address this vulnerability for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (please refer to the advisory).

•CSCee41508

Description: An IOS device may crash when configured for RSVP and a certain malformed Resource ReSerVation Protocol (RSVP) packet is processed.

Workaround: If RSVP is required, no workaround exists. If RSVP is not required, disabling RSVP on all interfaces removes any exposure to this issue.

RSVP can be disabled using the "no ip rsvp bandwidth" interface configuration command. The "show ip rsvp" EXEC command can be used on an IOS device to determine if RSVP functionality has been enabled. The "show ip rsvp interface" EXEC command may be used to identify the specific interfaces on which RSVP has been enabled.

•CSCef48336

Description: A vulnerability exists in the processing of an OSPF packet that can be exploited to cause the reload of a system. Since OSPF needs to process unicast packets as well as multicast packets, this vulnerability can be exploited remotely. It is also possible for an attacker to target multiple systems on the local segment at one time.

OSPF authentication can be used to mitigate the effects of this vulnerability and is a highly recommended security best practice. A Cisco device receiving a malformed OSPF packet will reset and may take several minutes to become fully functional. This vulnerability may be exploited repeatedly, resulting in an extended DoS attack.

Workarounds: Using OSPF Authentication -

OSPF authentication may be used as a workaround. OSPF packets without a valid key will not be processed. MD5 authentication is highly recommended, due to inherent weaknesses in plain text authentication. With plain text authentication, the authentication key will be sent unencrypted over the network, which can allow an attacker on a local network segment to capture the key by sniffing packets. Refer to http://www.cisco.com/warp/public/104/25.shtml for more information about OSPF authentication.

Infrastructure Access Control Lists -

Although it is often difficult to block traffic transiting your network, it is possible to identify traffic which should never be allowed to target your infrastructure devices and block that traffic at the border of your network. Infrastructure ACLs are considered a network security best practice and should be considered as a long-term addition to good network security, as well as a workaround for this specific vulnerability. The white paper "Protecting Your Core: Infrastructure Protection Access Control Lists" presents guidelines and recommended deployment techniques for infrastructure protection ACLs, located at the following URL: http://www.cisco.com/warp/public/707/iacl.html.

•CSCek37177

Description: The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service condition. This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

Description: A router that is running RCP can be reloaded by a specific packet. This is seen under the following conditions:

–The router must have RCP enabled.

–The packet must come from the source address of the designated system configured to send RCP packets to the router.

–The packet must have a specific data content.

Workaround: Put access lists on the edge of your network blocking RCP packets to prevent spoofed RSH packets. Use another protocol such as SCP. Use VTY ACLs.

•CSCse68138

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

Description: Specifically crafted CDP packets can cause a router to allocate and keep extra memory. Exploitation of this behavior by sending multiple specifically crafted CDP packets could cause memory allocation problems on the router. Since CDP is a layer-2 protocol, this issue can only be triggered by systems that are residing on the same network segment.

Workaround: Disable CDP on interfaces where it is not necessary.

•CSCsf28840

Description: A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.

Workarounds: There are workarounds available for this vulnerability, as posted in the following advisory:

Description: On a Cisco router that has the <ip http secure-server> command enabled, malformed SSL packets may cause a router to leak multiple memory blocks.

Workaround: Disable the <ip http secure-server> command.

•CSCsg70355

Description: The Cisco IOS configuration command "clock summer-time <zone> recurring <date>" uses United States standards for daylight savings time rules by default. The Energy Policy Act of 2005 (H.R.6.ENR), Section 110, changes the start date from the first Sunday of April to the second Sunday of March. It changes the end date from the last Sunday of October to the first Sunday of November.

Workaround: A workaround is possible by using the <clock summer-time> configuration command to manually configure the proper start date and end date for daylight savings time. After the summer-time period for calendar year 2007 is over, one can, for example, configure: clock summer-time PDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 (This example is for the US/Pacific time zone.)

Not a Workaround: Using NTP is not a workaround to this problem. NTP does not carry any information about timezones or summertime.

•CSCsi01470

A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
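One way to check a saved running-config for the exposures that the workarounds in this section address (RSVP, OSPF authentication, CDP, the HTTPS server, RCP), as an added example that is not part of the release notes or any Cisco tool. The sample configuration is constructed, and the command spellings not quoted on this page (no cdp enable, no cdp run, ip rcmd rcp-enable, ip ospf authentication message-digest, area ... authentication message-digest) are standard IOS syntax. The OSPF check is deliberately conservative: it flags every addressed interface once a router ospf process exists.

```python
"""Audit an IOS running-config against the workarounds listed above."""
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname rpm10
ip rcmd rcp-enable
ip http secure-server
!
interface FastEthernet1/1
 ip address 192.0.2.1 255.255.255.0
 ip rsvp bandwidth 1000
!
interface Multilink1
 ip address 198.51.100.1 255.255.255.252
 no cdp enable
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
!
router ospf 100
 network 192.0.2.0 0.0.0.255 area 0
!
"""

REMEDIATION = {
    "rcp-enabled": "block RCP at the network edge, use SCP, use VTY ACLs",
    "https-server-enabled": "disable ip http secure-server",
    "rsvp-enabled": "CSCee41508: no ip rsvp bandwidth where RSVP is not required",
    "cdp-enabled": "disable CDP on interfaces where it is not necessary",
    "ospf-no-auth": "CSCef48336: enable OSPF MD5 authentication",
    "ospf-plaintext-auth": "CSCef48336: replace plain text with MD5 authentication",
}


def parse_blocks(config):
    """Split a config into (top-level line, [indented sub-lines]) blocks."""
    blocks = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks


def audit(config):
    """Return (check, location) findings in config order."""
    blocks = parse_blocks(config)
    top = [head for head, _ in blocks]
    ifaces = {h.split(None, 1)[1]: sub for h, sub in blocks if h.startswith("interface ")}
    ospf = [sub for h, sub in blocks if h.startswith("router ospf")]
    findings = []

    if "ip rcmd rcp-enable" in top:
        findings.append(("rcp-enabled", "global"))
    if "ip http secure-server" in top:
        findings.append(("https-server-enabled", "global"))

    cdp_running = "no cdp run" not in top   # CDP is on unless disabled globally
    area_md5 = any(re.fullmatch(r"area \S+ authentication message-digest", line)
                   for sub in ospf for line in sub)
    for name, sub in ifaces.items():
        if any(line.startswith("ip rsvp bandwidth") for line in sub):
            findings.append(("rsvp-enabled", name))
        if cdp_running and "no cdp enable" not in sub:
            findings.append(("cdp-enabled", name))
        has_ip = any(line.startswith("ip address ") for line in sub)
        if ospf and has_ip and not area_md5:
            if "ip ospf authentication message-digest" not in sub:
                plain = "ip ospf authentication" in sub
                findings.append(("ospf-plaintext-auth" if plain else "ospf-no-auth", name))
    return findings


def report(config):
    """Format each finding with the workaround this section gives for it."""
    return [f"{where}: {check}: {REMEDIATION[check]}" for check, where in audit(config)]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG)))
```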

Caveats in Cisco IOS Release 12.2(15)MC2h

The following sections list and describe the open and resolved caveats for the Cisco MGX-RPM-1FE-CP with Cisco IOS Release 12.2(15)MC2h. Only severity 1 through 3 caveats are included.

Open Caveats

There are no known open caveats in Cisco IOS Release 12.2(15)MC2h.

Resolved Caveats

This section lists the caveats that are resolved in Release 12.2(15)MC2h.

•CSCee45312

Description: Remote Authentication Dial In User Service (RADIUS) authentication on a device that is running certain versions of Cisco Internetworking Operating System (IOS) and configured with a fallback method to none can be bypassed. Systems that are configured for other authentication methods or that are not configured with a fallback method to none are not affected. Only the systems that are running certain versions of Cisco IOS are affected. Not all configurations using RADIUS and none are vulnerable to this issue. Some configurations using RADIUS, none and an additional method are not affected.

Workaround: Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability. For more details see the following URL:

Description: The Cisco IOS Stack Group Bidding Protocol (SGBP) feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.

Workaround: Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability. Cisco has published a Security Advisory on this issue; it is available at the following URL:

Description: A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, will be passed to the browser requesting the page. This HTML code could be interpreted by the client browser and potentially execute malicious commands against the device or other possible cross-site scripting attacks. Successful exploitation of this vulnerability requires that a user browse a page containing dynamic content in which HTML commands have been injected.

Workaround: Cisco will be making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability. This advisory is posted at the following URL:

Description: This DDTS changes how IOS handles packets destined to the router or switch.

When an IP packet carrying option 0x89 (strict source route) or 0x83 (loose source route) followed by invalid data is sent to the router, IOS generates error messages and a traceback. The messages and traceback appear every 60 seconds for as long as the malformed packet is sent to the router.

Caveats in Cisco IOS Release 12.2(15)MC2g

The following sections list and describe the open and resolved caveats for the Cisco MGX-RPM-1FE-CP with Cisco IOS Release 12.2(15)MC2g. Only severity 1 through 3 caveats are included.

Open Caveats

There are no known open caveats in Cisco IOS Release 12.2(15)MC2g.

Resolved Caveats

There are no known resolved caveats in Cisco IOS Release 12.2(15)MC2g.

Caveats in Cisco IOS Release 12.2(15)MC2f

The following sections list and describe the open and resolved caveats for the Cisco MGX-RPM-1FE-CP with Cisco IOS Release 12.2(15)MC2f. Only severity 1 through 3 caveats are included.

Open Caveats

There are no known open caveats in Cisco IOS Release 12.2(15)MC2f.

Resolved Caveats

There are no known resolved caveats in Cisco IOS Release 12.2(15)MC2f.

Caveats in Cisco IOS Release 12.2(15)MC2e

The following sections list and describe the open and resolved caveats for the Cisco MGX-RPM-1FE-CP with Cisco IOS Release 12.2(15)MC2e. Only severity 1 through 3 caveats are included.

Open Caveats

There are no known open caveats in Cisco IOS Release 12.2(15)MC2e.

Resolved Caveats

This section lists the caveats that are resolved in Release 12.2(15)MC2e.

•CSCea64571

Description: The PPP over Ethernet (PPPoE) or PPP over ATM (PPPoA) sessions that go down may cause a leak of full virtual-access interfaces. This symptom is not observed with configurations that use virtual-access subinterfaces.

This symptom is observed with PPPoE or PPPoA sessions that clear because the PPP protocol goes down (because of a termination request [TERMREQ] from a peer router or a PPP keepalive failure). The leaked virtual-access interfaces are not reused for new sessions. This results in the creation of new virtual-access interfaces for new sessions.

Workaround: There is currently no workaround.

•CSCea64843

Description: A crash may occur when bringing up a large number of PPP over ATM (PPPoA) sessions.

This symptom is observed on a Cisco router that is running Cisco IOS Releases 12.2(15)B and 12.3.

Workaround: There is currently no workaround.

•CSCei61732

Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.

Cisco has made free software available that includes the additional integrity checks for affected customers.

Caveats in Cisco IOS Release 12.2(15)MC2b

The following sections list and describe the open and resolved caveats for the Cisco MGX-RPM-1FE-CP with Cisco IOS Release 12.2(15)MC2b. Only severity 1 through 3 caveats are included.

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.

Caveats in Cisco IOS Releases 12.2 and 12.2 T are also in Cisco IOS Release 12.2(15)MC2a. For information on caveats in Cisco IOS Release 12.2, see Caveats for Cisco IOS Release 12.2. For information on caveats in Cisco IOS Release 12.2 T, see Caveats for Cisco IOS Release 12.2 T. These two documents list severity 1 and 2 caveats and are located on CCO and the Documentation DVD.

Note: If you have an account with Cisco.com, you can use the Bug Toolkit to find caveats of any severity for any release. To reach the Bug Toolkit, log in to Cisco.com and click Support > Tools & Resources > Bug Toolkit. Another option is to go directly to http://www.cisco.com/public/support/tac/tools.shtml.

Open Caveats

There are no known open caveats in Cisco IOS Release 12.2(15)MC2b.

Resolved Caveats

This section lists the caveats that are resolved in Release 12.2(15)MC2b.

This symptom is observed on an FE RPM-PR back card. To identify this problem, the output of the show interface fastethernet command shows no input packets and all packets as overrun:

30 second input rate 0 bits/sec, 0 packets/sec

30 second output rate 100000 bits/sec, 106 packets/sec

0 packets input, 0 bytes

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 263523 overrun, 0 ignored

The output of the show controllers command for the Fast Ethernet interface shows high numbers for "rx_fifo_overflow" and "throttled":

throttled=5352, enabled=5352, disabled=0

rx_fifo_overflow=434500, rx_no_enp=0, rx_state=0

Workaround: To clear the symptom, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the Fast Ethernet interface.

Further Problem Description: In the output of the show controllers command for the Fast Ethernet interface, locate the value for CFRV. If the last byte is either 0x20, 0x21, 0x22, or 0x23, the Fast Ethernet is susceptible to the symptom.
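The checks this caveat describes can be run against captured command output. The following Python sketch is an added example, not Cisco code: the sample text is constructed from the counters quoted above, and the `CFRV=0x...` line layout and the function names are assumptions.

```python
import re

# Constructed sample: the counters quoted in the caveat, plus an assumed
# layout for the line that carries the CFRV register value.
SHOW_INTERFACE = """\
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 100000 bits/sec, 106 packets/sec
0 packets input, 0 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 263523 overrun, 0 ignored
"""
SHOW_CONTROLLERS = """\
CFRV=0x02000022
throttled=5352, enabled=5352, disabled=0
rx_fifo_overflow=434500, rx_no_enp=0, rx_state=0
"""

# Last byte of CFRV that marks a susceptible interface, per the caveat.
SUSCEPTIBLE_REVISIONS = {0x20, 0x21, 0x22, 0x23}


def _field(pattern, text, base=10):
    """Return the integer captured by pattern, or None if it is absent."""
    m = re.search(pattern, text)
    return int(m.group(1), base) if m else None


def assess_fe_receive(show_interface, show_controllers):
    """Flag the stuck-receive symptom and the CFRV susceptibility check."""
    packets_in = _field(r"(\d+) packets input", show_interface)
    overrun = _field(r"(\d+) overrun", show_interface)
    cfrv = _field(r"CFRV=0x([0-9A-Fa-f]+)", show_controllers, base=16)
    return {
        # Symptom: nothing received, yet the overrun counter is non-zero.
        "symptom": packets_in == 0 and bool(overrun),
        # Reported as-is; the caveat gives no threshold for "high".
        "controller_counters": {
            "rx_fifo_overflow": _field(r"rx_fifo_overflow=(\d+)", show_controllers),
            "throttled": _field(r"throttled=(\d+)", show_controllers),
        },
        # None means the CFRV value was not found in the output.
        "susceptible": None if cfrv is None
        else (cfrv & 0xFF) in SUSCEPTIBLE_REVISIONS,
    }
```

A result with "symptom" true is the condition that the shutdown / no shutdown workaround clears.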

•CSCsa81379

Description: NetFlow Feature Acceleration CLI.

NetFlow Feature Acceleration has been deprecated and removed from Cisco IOS. The global command ip flow-cache feature-accelerate will no longer be recognized in any IOS configuration.

If your router configuration does not currently contain the command ip flow-cache feature-accelerate, this change does not affect you.

This removal does not require an upgrade of your existing installation.

The removal of NetFlow Feature Acceleration does not affect any other aspects of NetFlow operation, for example access-list processing. The features are separate and distinct.

Additionally, the following MIB objects and OIDs have been deprecated and removed from the NetFlow MIB (CISCO-NETFLOW-MIB):

cnfFeatureAcceleration 1.3.6.1.4.1.9.9.99999.1.3

cnfFeatureAccelerationEnable 1.3.6.1.4.1.9.9.99999.1.3.1

cnfFeatureAvailableSlot 1.3.6.1.4.1.9.9.99999.1.3.2

cnfFeatureActiveSlot 1.3.6.1.4.1.9.9.99999.1.3.3

cnfFeatureTable 1.3.6.1.4.1.9.9.99999.1.3.4

cnfFeatureEntry 1.3.6.1.4.1.9.9.99999.1.3.4.1

cnfFeatureType 1.3.6.1.4.1.9.9.99999.1.3.4.1.1

cnfFeatureSlot 1.3.6.1.4.1.9.9.99999.1.3.4.1.2

cnfFeatureActive 1.3.6.1.4.1.9.9.99999.1.3.4.1.3

cnfFeatureAttaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.4

cnfFeatureDetaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.5

cnfFeatureConfigChanges 1.3.6.1.4.1.9.9.99999.1.3.4.1.6

Caveats in Cisco IOS Release 12.2(15)MC2a

The following sections list and describe the open and resolved caveats for the Cisco MGX-RPM-1FE-CP with Cisco IOS Release 12.2(15)MC2a. Only severity 1 through 3 caveats are included.

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.

Caveats in Cisco IOS Releases 12.2 and 12.2 T are also in Cisco IOS Release 12.2(15)MC2a. For information on caveats in Cisco IOS Release 12.2, see Caveats for Cisco IOS Release 12.2. For information on caveats in Cisco IOS Release 12.2 T, see Caveats for Cisco IOS Release 12.2 T. These two documents list severity 1 and 2 caveats and are located on CCO and the Documentation DVD.

Note: If you have an account with Cisco.com, you can use the Bug Toolkit to find caveats of any severity for any release. To reach the Bug Toolkit, log in to Cisco.com and click Support > Tools & Resources > Bug Toolkit. Another option is to go directly to http://www.cisco.com/public/support/tac/tools.shtml.

Open Caveats

The following caveat is open in Cisco IOS Release 12.2(15)MC2a.

•CSCeb24086

Description: Administratively shutting down an FE interface while traffic is flowing on a second MGX-RPM-1FE-CP interface might cause a few seconds of packet loss on the second FE interface.

Workaround: Do not administratively shut down an FE interface on an active system when traffic is flowing.

•CSCeb76514

Description: The checkheaps process detects corrupted memory and, when packets back up into the bundle output hold queue, causes a router reload.

A Cisco device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) Protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default.

The vulnerability is only present in IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines and all IOS images prior to 12.0 are not affected. Refer to the Security Advisory for a complete list of affected release trains.

Further details and the workarounds to mitigate the effects are explained in the Security Advisory which is available at the following URL:

Description: When the MGX-RPM-1FE-CP FastEthernet interface is administratively shut down, for directly connected devices, the interface still appears to be up.

•CSCec25430

Description: A Cisco device reloads on receipt of a corrupt CDP packet.

•CSCed40563

Description: Problems with the CDP protocol have been resolved.

•CSCin67568

Description: A Cisco device experiences a memory leak in the CDP process. The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.

Troubleshooting

This section contains the following MGX-RPM-1FE-CP troubleshooting information:

Collecting Data for Back Card and Router Issues

To collect data for reporting back card and router issues, issue the following commands:

•show tech-support—Displays general information about the router when it reports a problem.

•show logging—Displays information in the syslog history table.

Modifying the MLP Reorder Buffer

When PPP multiplexing is disabled on the inbound direction of an MWR 1941-DC multilink, there are many more packets to reorder. Therefore, we recommend that you modify the MLP reorder buffer using the ppp multilink slippage interface configuration commands to avoid discarded fragments due to buffer overflow.

Slippage is the amount by which data arriving on one link in a multilink bundle might lag behind data transmitted over another link in that bundle. The amount of slippage might be expressed as a direct byte count, but it is also commonly expressed as a measure of time, in terms of the differential delay between the links.

A small amount of slippage between links is normal. Whenever slippage occurs, the multilink input process must buffer fragment data arriving on the faster channels until it receives all expected fragments on the remaining links, so that it can sort the fragments back into proper order, reassemble datagrams as necessary, and then deliver the datagrams in proper order to the higher network layers (multilink fragments include sequence numbers so that the multilink receiver can readily detect when packets are arriving out of order). The receiver must be capable of buffering enough data to compensate for normal slippage between the links, otherwise it will be incapable of completely sequencing and reassembling datagrams, and some data will be lost.

With Cisco IOS Release 12.2(15)MC1 and later, the MLP reorder buffer can be adjusted for cases where the slippage is larger than the defaults readily accommodate. The buffer size is set by defining one or more constraints, each of which indirectly implies some byte limit. The limit used is the maximum of the values derived from the constraints.

To define the constraints that set the MLP reorder buffer size, issue the following commands while in interface configuration mode:

Step 6

Command: Router(config-if)# ppp multilink slippage mru value

Purpose: Specifies that the buffer limit is x bytes where the byte count is expressed as a multiple of the maximum receive unit (MRU) negotiated for the bundle (the buffer limit is derived as the number of times defined for the value times the size of the largest packet received). Valid values are 2 through 32. The default is 8.

Note: The MRU is dynamically negotiated with the peer when the connection is established, therefore, the byte count also

Step 7

Command: Router(config-if)# ppp multilink slippage msec value

Purpose: Specifies the buffer limit, in milliseconds worth of data. Valid range is 1 to 16000.

Note: The actual amount of data buffered depends upon the bandwidth of the links.

Usage Notes

Note that these limits are on a "per-link" basis. For example, issuing ppp multilink slippage mru 4 means that the total amount of data which is buffered by the bundle is 4 times the MRU times the number of links in the bundle.

The reassembly engine is also affected by the lost fragment timeout, which is configured using the ppp timeout multilink lost-fragment command.

The buffer limit derived from the slippage constraints implies a corresponding tolerated differential delay between the links. Since it does not make sense to be declaring a fragment lost due to a timeout when it is within the delay window defined by the slippage, the timeout will be dynamically increased as necessary so that it is never smaller than the delay value derived from the slippage parameters.
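To see how the slippage constraints, the per-link rule, and the lost-fragment timeout interact, the following Python sketch works the numbers for a bundle. It is an added example, not Cisco code: the conversions between milliseconds and bytes, the rule that the mru constraint always applies alongside msec, and the sample bundle (four T1s, MRU of 1500 bytes) are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Bundle:
    links: int      # number of links in the MLP bundle
    link_bps: int   # per-link payload bandwidth, bits per second
    mru: int        # MRU negotiated for the bundle, bytes


# Constructed sample: four T1s (1,536,000 bps payload each), MRU 1500.
SAMPLE = Bundle(links=4, link_bps=1_536_000, mru=1500)


def per_link_limit(bundle, mru_multiple=8, msec=None):
    """Per-link byte limit: the maximum of the values the constraints imply."""
    if not 2 <= mru_multiple <= 32:
        raise ValueError("slippage mru must be 2 through 32")
    # Assumption: the mru constraint (default 8) applies even when msec is set.
    candidates = [mru_multiple * bundle.mru]
    if msec is not None:
        if not 1 <= msec <= 16000:
            raise ValueError("slippage msec must be 1 to 16000")
        # Assumption: "milliseconds worth of data" is link rate times time.
        candidates.append(bundle.link_bps * msec // 8000)
    return max(candidates)


def plan(bundle, lost_fragment_ms, mru_multiple=8, msec=None):
    """Buffer sizes and the timeout that results for one configuration."""
    limit = per_link_limit(bundle, mru_multiple, msec)
    # Assumption: the tolerated differential delay is the time one link
    # needs to deliver `limit` bytes (rounded up to a whole millisecond).
    delay_ms = -(-limit * 8000 // bundle.link_bps)
    return {
        "per_link_bytes": limit,
        "bundle_bytes": limit * bundle.links,  # limits are per link
        "implied_delay_ms": delay_ms,
        # The timeout is never smaller than the slippage-derived delay.
        "effective_timeout_ms": max(lost_fragment_ms, delay_ms),
    }
```

Under these assumptions, ppp multilink slippage mru 4 on the sample bundle buffers 24,000 bytes in total, and a 200 msec constraint raises a 100 ms lost-fragment timeout to 200 ms.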

Documentation Updates

This section contains information that was not included or was documented incorrectly in the MGX-RPM-1FE-CP Back Card Installation and Configuration Note. The heading in this section corresponds with the applicable section title in the documentation.

Configuring RTP/UDP Compression

The maximum number of RTP header compression connections is documented as 150 per T1 interface and up to 600 connections per MLP bundle when in fact, 1000 connections are supported per MLP bundle regardless of whether the bundle contains one T1 interface or four.

The show ppp mux Command

The efficiency improvement factor calculation documented in the show ppp mux command section is incorrect. The correct improvement factor calculation uses bytes, not packets, and is as follows:

The detail keyword is not supported in the show ip rtp header-compression command on the MGX-RPM-1FE-CP back card. No output is displayed for the detail keyword if it is specified in the command.

Related Documentation

The following sections describe the available documentation related to the Cisco MGX-RPM-1FE-CP back card. These documents consist of hardware and software installation guides, Cisco IOS configuration guides and command references, system error messages, and other documents.

Documentation is available in printed or electronic form.

Platform-Specific Documents

These documents are available for the Cisco MWR 1941-DC Mobile Wireless Edge Router on Cisco.com and the Documentation DVD:

Feature Modules

Feature modules describe new features supported by Cisco IOS Release 12.2 MC and are updates to the Cisco IOS documentation set. A feature module consists of an overview of the feature, configuration tasks, and a command reference.

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: